1. The purpose of publishing a new System of Records Notice (SORN) in the Federal Register is to allow individuals to comment on information that is collected and maintained in a System of Records.

A. True

B. False

2. The Privacy Act addresses Systems of Records.

A. True

B. False

3. Which of the following would be unlikely to be considered Personally Identifiable Information?

A. Name and SSN

B. A relative's business address

C. Personal information that can be linked to a specific individual

4. Under the Privacy Act, an individual may be denied access to records if:

A. There are civil proceedings pending

B. The provider determines it is not in the best interest of a minor, based on exemptions included in HIPAA

C. Both of the above

5. Privacy laws and regulations allow individuals to file complaints if they believe their rights have been violated.

A. True

B. False

6. The Privacy Act provides for civil penalties to be imposed by the Federal Government.

A. True

B. False

7. The Privacy Act requires that an individual be given a(n) ___________ when personal information will be collected and maintained.

A. Notice of Privacy Practices

B. Authorization

C. Privacy Act Statement

8. Exceptions to the Accounting of Disclosures include which of the following:

A. For routine Treatment, Payment and Healthcare Operations (TPO)

B. Made without the prior approval of the individual

C. Made to the individual for his or her own PHI/PII

D. A and C only

9. Under HIPAA, individuals are granted access to medical records within ____ working days after receipt of the request, or they must be notified of the delay/denial in writing.

A. 10

B. 40

C. 30

D. 90

10. The Business Associate's Agreement (BAA) provides guidance and documentation as to the Business Associate's responsibilities in protecting Protected Health Information (PHI).

A. True

B. False

11. When using and disclosing sensitive information, it is important to minimize incidental disclosures by doing which of the following?

A. Not discussing others' personal information in public places.

B. Protecting computer screens from public view

C. Observing the Minimum Necessary Standard

D. All of the above

12. HIPAA requires health organizations to retain a broad range of documentation for ____ years from the date the document was first created or from the date that the document was last in effect, whichever is later.

A. 6

B. 4

C. 10

13. Which of the following is a right for individuals under HIPAA?

A. Request restrictions on release of their PHI

B. File a complaint

C. Discover outside disclosures

D. Request copies

E. All of the above

14. What should you do if you receive an email with an attachment from someone who you do not recognize?

A. Open it to see what it is

B. Delete the email

C. Reply to the email

15. Under the HIPAA Security Rule, the three categories of safeguards include:

A. Evaluation, Management and Mitigation

B. Confidentiality, Integrity and Availability

C. Administrative, Physical and Technical

16. An example of an accidental disclosure of PHI is faxing personal information to the wrong fax number.